Description:
------------
There seems to be very few documentation about PDO::FETCH_SERIALIZE in the PHP manual but playing the guessing game from the code it seems that this feature aims to support SPL/Serialize interface. As I'm not sure about the purpose of PDO::FETCH_SERIALIZE I'm not sure if the following is a bug or not. However, it seems to me that PDO::FETCH_SERIALIZE unintentionally calls __construct().
One of the main ideas behind SPL/Serialize interface seems to be that for unserialization the constructor of a class does not get called. The constructor of a class has a different meaning than a helper function like unserialize() and thus should not be called automatically. Let's check:
class myclass implements Serialize {
public function __construct() {
printf("%s()\n", __METHOD__);
}
public function serialize() {
printf("%s()\n", __METHOD__);
return "any data from serialize()";
}
public function unserialize($dat) {
printf("%s(%s)\n", __METHOD__, var_export($dat, true));
}
}
$obj1 = new myclass()
---> myclass::__construct()
$tmp = serialize($obj1)
$obj2 = unserialize($tmp)
---> myclass::unserialize('any data from serizalize()')
__construct() gets called only once for object creation but not again during unserialization. Let's try that with PDO:
[...]
$stmt = $db->query("SELECT dat FROM test");
$rows = $stmt->fetchAll(PDO::FETCH_CLASS|PDO::FETCH_SERIZALIZE, "myclass");
--> myclass::unserialize("data from DB")
--> myclass::__construct()
[...]
PDO first calls unserialize() as its supposed to do. But then it also calls __construct() which is against the idea of the Serialize interface not to call the constructor automatically during unserialization.
Reproduce code:
---------------
sapi/cli/php -r '$db = new PDO("sqlite:/tmp/foo"); $db->exec("DROP TABLE test"); $db->exec("CREATE TABLE test(dat VARCHAR(100))"); $db->exec("INSERT INTO test(dat) VALUES (\"Data from DB\")"); class myclass implements Serializable { public function __construct() { printf("%s()\n", __METHOD__); } public function serialize() { return "any data from serizalize()"; } public function unserialize($dat) { printf("%s(%s)\n", __METHOD__, var_export($dat, true)); }} $stmt = $db->query("SELECT * FROM test"); var_dump($stmt->fetchAll(PDO::FETCH_CLASS|PDO::FETCH_SERIALIZE, "myclass")); $obj = new myclass(); var_dump(unserialize(serialize($obj)));'
myclass::unserialize('Data from DB')
myclass::__construct()
array(1) {
[0]=>
object(myclass)#3 (0) {
}
}
myclass::__construct()
myclass::unserialize('any data from serizalize()')
object(myclass)#4 (0) {
}

This bug has been fixed in CVS.
Snapshots of the sources are packaged every three hours; this change
will be in the next snapshot. You can grab the snapshot at
http://snaps.php.net/.
Thank you for the report, and for helping us make PHP better.
Commited in 5.3 and HEAD, thanks for the patch! :)